REMARKS 

The specification has been amended. Claims 1, 15, and 17 have been amended. No new
matter has been introduced with these amendments, which are supported in the specification as
originally filed. Claims 1-18 remain in the application.

I. Rejection under 35 U.S.C. § 102 

Page 2 of the Office Action dated September 27, 2004 (hereinafter, "the Office Action")
states that Claims 1, 15, and 17 are rejected under 35 U.S.C. § 102(b) as being anticipated by
Barkley et al. (U.S. 6,202,066). Pages 2 - 3 of the Office Action further state that Claims 2 - 14,
16, and 18 are also rejected under 35 U.S.C. § 102(b) as being anticipated by Barkley. This
rejection is respectfully traversed.



Referring first to independent Claims 1, 15, and 17, Applicants respectfully submit that the
Office Action fails to make out a prima facie case of anticipation as to these claims. The first
limitation of these claims specifies "...identifying one or more groups of permitted actions on
selected resources" (emphasis added). The second limitation specifies "... assigning a name to
each identified group" (i.e., assigning a name to each group of permitted actions) and the final
limitation specifies "associating subjects with each assigned name" (i.e., associating subjects,
such as users or groups of users, with each named group of permitted actions).

Barkley uses a different approach. In particular, Barkley teaches groups (i.e., roles) that
are comprised of users, not groups of permitted actions. (See, for example, col. 5, line 1, "a role...
assigned to users".) Furthermore, in contrast to Applicants' technique of controlling access based
on groups of permitted actions, Barkley teaches that access is controlled with regard to
collections of objects. (See, for example, col. 4, lines 29 - 30, "introducing an object-based
access control method", emphasis added, and lines 33 - 35, "an object-based access control
method may be employed to provide convenient access to objects", emphasis added.)

See also col. 5, lines 5-11, where Barkley teaches that "... those [users or groups]
designated as members of a first role [are] to be given a first level of access or permissions to a
first set of files or objects, while those [users or groups] designated to a second role are granted a
different second level of access to the same set of files." Suppose, for example, that Barkley's
"first role" is comprised of users A, B, and C, while the second role is comprised of users X, Y,
and Z. The "set of files or objects" may be, for example, Barkley's "accounts" files. The "first
level of access or permissions" may be, for example, read-only access for users A, B, and C in the
first role, and read/write access for users X, Y, and Z in the second role. As can be seen by
referring to Barkley's text (such as the text in col. 5, lines 5-11), Barkley teaches assigning
names to the roles, but (in contrast to the first and second limitations of their independent claims),
Applicants find no discussion in Barkley that groups of permitted actions are identified and
assigned a name. See also col. 5, lines 9-13, where Barkley's Object Access Type, or "OAT", is
defined in terms of access to sets/groups of objects. The text of those lines states that "An OAT
is then created associating the first role [i.e., a first named collection of users/groups] with the
first level of permissions, and the second role similarly with the second [level of permissions]."

According to Applicants' understanding of Barkley's teachings, Barkley's disclosed
approach corresponds to the "role-privilege" model which was discussed at length in Applicants'
specification. See, for example, the discussion of Applicants' Fig. 2, which begins on p. 12 of
Applicants' specification. Applicants' specification teaches that the role-privilege model uses a
privilege attribute associated with users and user groups, and roles that can be mapped to one or
more subjects (i.e., users, user-groups, etc.). See p. 13, lines 3 - 5. As stated in Applicants'
specification, in a role-privilege model, "A number of roles are defined, and user groups are
associated with these roles". See p. 15, lines 13-14. This "role-privilege" model is in contrast
to Applicants' disclosed "role-permissions" model. See, for example, the discussion of
Applicants' Fig. 4, where an example role-permissions model is presented.

In summary, Applicants respectfully submit that Barkley fails to teach assigning a name to
an identified group of permitted actions on selected resources, and then associating subjects with
that named group. Barkley therefore fails to teach the limitations of Applicants' independent
Claims 1, 15, and 17, and these claims are therefore deemed patentable over Barkley. Dependent
Claims 2 - 14, 16, and 18 are therefore deemed allowable over Barkley by virtue of the novelty of
the independent claims. The Examiner is therefore respectfully requested to withdraw the § 102
rejection.

II. Conclusion 

Applicants respectfully request reconsideration of the pending rejected claims, withdrawal
of all presently outstanding rejections, and allowance of all claims at an early date.

Respectfully submitted,

Marcia L. Doubet 
Attorney for Applicants 
Reg. No. 40,999 

Customer Number for Correspondence: 43168 
Phone: 407-343-7586 
Fax: 407-343-7587 